[Snort-users] Commercial Advanced Packet Sniffers, how do they do this? Application signatures?

Dimitri Syuoul dsyuoul at ...11827...
Fri Jan 22 17:00:25 EST 2010


On Fri, Jan 22, 2010 at 2:42 PM, Richard Bejtlich <taosecurity at ...11827...> wrote:

>
> [1] http://taosecurity.blogspot.com/2006/09/port-independent-protocol.html
> [2] http://bro-ids.org/wiki/index.php/DynamicProtocolDetection
>


Interestingly enough, the L7-filter and IPP2P projects seem to be dead.

http://bro-ids.org/wiki/index.php/DynamicProtocolDetection is an
interesting concept, but it appears to be general and doesn't seem to
be ready for production.


Dimitri



